Module: ActionView::Helpers::SanitizeHelper::ClassMethods

Defined in:
lib/action_view/helpers/sanitize_helper.rb

Overview

:nodoc:

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.extended(base) ⇒ Object 



94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 94

def self.extended(base)
  class << base
    attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer

    # we want these to be class methods on ActionView::Base, they'll get mattr_readers for these below.
    helper_def = [:sanitized_protocol_separator, :sanitized_uri_attributes, :sanitized_bad_tags, :sanitized_allowed_tags,
        :sanitized_allowed_attributes, :sanitized_allowed_css_properties, :sanitized_allowed_css_keywords,
        :sanitized_shorthand_css_properties, :sanitized_allowed_protocols, :sanitized_protocol_separator=].collect! do |prop|
      prop = prop.to_s
      "def #{prop}(#{:value if prop =~ /=$/}) white_list_sanitizer.#{prop.sub /sanitized_/, ''} #{:value if prop =~ /=$/} end"
    end.join("\n")
    eval helper_def
  end
end

Instance Method Details

#full_sanitizerObject

Gets the HTML::FullSanitizer instance used by strip_tags. Replace with any object that responds to #sanitize

Rails::Initializer.run do |config|
  config.action_view.full_sanitizer = MySpecialSanitizer.new
end



116
117
118
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 116

def full_sanitizer
  @full_sanitizer ||= HTML::FullSanitizer.new
end

#link_sanitizerObject

Gets the HTML::LinkSanitizer instance used by strip_links. Replace with any object that responds to #sanitize

Rails::Initializer.run do |config|
  config.action_view.link_sanitizer = MySpecialSanitizer.new
end



127
128
129
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 127

def link_sanitizer
  @link_sanitizer ||= HTML::LinkSanitizer.new
end

#sanitized_allowed_attributes=(attributes) ⇒ Object

Adds to the Set of allowed html attributes for the #sanitize helper.

Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
end



177
178
179
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 177

def sanitized_allowed_attributes=(attributes)
  HTML::WhiteListSanitizer.allowed_attributes.merge(attributes)
end

#sanitized_allowed_css_keywords=(attributes) ⇒ Object

Adds to the Set of allowed css keywords for the #sanitize and #sanitize_css helpers.

Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_css_keywords = 'expression'
end



197
198
199
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 197

def sanitized_allowed_css_keywords=(attributes)
  HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes)
end

#sanitized_allowed_css_properties=(attributes) ⇒ Object

Adds to the Set of allowed css properties for the #sanitize and #sanitize_css heleprs.

Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_css_properties = 'expression'
end



187
188
189
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 187

def sanitized_allowed_css_properties=(attributes)
  HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes)
end

#sanitized_allowed_protocols=(attributes) ⇒ Object

Adds to the Set of allowed protocols for the #sanitize helper.

Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
end



217
218
219
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 217

def sanitized_allowed_protocols=(attributes)
  HTML::WhiteListSanitizer.allowed_protocols.merge(attributes)
end

#sanitized_allowed_tags=(attributes) ⇒ Object

Adds to the Set of allowed tags for the #sanitize helper.

Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
end



167
168
169
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 167

def sanitized_allowed_tags=(attributes)
  HTML::WhiteListSanitizer.allowed_tags.merge(attributes)
end

#sanitized_bad_tags=(attributes) ⇒ Object

Adds to the Set of ‘bad’ tags for the #sanitize helper.

Rails::Initializer.run do |config|
  config.action_view.sanitized_bad_tags = 'embed', 'object'
end



158
159
160
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 158

def sanitized_bad_tags=(attributes)
  HTML::WhiteListSanitizer.bad_tags.merge(attributes)
end

#sanitized_shorthand_css_properties=(attributes) ⇒ Object

Adds to the Set of allowed shorthand css properties for the #sanitize and #sanitize_css helpers.

Rails::Initializer.run do |config|
  config.action_view.sanitized_shorthand_css_properties = 'expression'
end



207
208
209
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 207

def sanitized_shorthand_css_properties=(attributes)
  HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes)
end

#sanitized_uri_attributes=(attributes) ⇒ Object

Adds valid HTML attributes that the #sanitize helper checks for URIs.

Rails::Initializer.run do |config|
  config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
end



148
149
150
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 148

def sanitized_uri_attributes=(attributes)
  HTML::WhiteListSanitizer.uri_attributes.merge(attributes)
end

#white_list_sanitizerObject

Gets the HTML::WhiteListSanitizer instance used by sanitize and sanitize_css. Replace with any object that responds to #sanitize

Rails::Initializer.run do |config|
  config.action_view.white_list_sanitizer = MySpecialSanitizer.new
end



138
139
140
 
# File 'lib/action_view/helpers/sanitize_helper.rb', line 138

def white_list_sanitizer
  @white_list_sanitizer ||= HTML::WhiteListSanitizer.new
end